February 01, 2019
Senator Marco Rubio's (R-FL) American Data Dissemination Act would preempt state data privacy laws with a federal regulatory regime, while potentially covering the gathering and handling of employee data.
The bill does not define or mention "consumers," despite being intended to protect consumer data. The recently-passed California Consumer Protection Act—which, along with the EU's General Data Protection Regulation, may serve as a benchmark for future federal lawmaking—is similarly unclear in this area.
Any entity that “provides a service that uses the internet” and collects personal data in the process would be subject to the legislation.
The bill's definition of personal data includes electronic identification numbers, routing codes, or any other name or number that could be used alone or in conjunction with any other information to identify an individual.
Under the bill:
Outlook: Though it has attracted the support of certain tech industry groups, the bill is likely to be one of many, with other efforts in the Senate expected to emerge in the upcoming weeks. By failing to specify whether it covers employee data, the bill illustrates the danger to the employer community that data privacy legislation could be enacted without recognizing the critical distinction between consumer data and HR data, where expectations of privacy are significantly different.